One of the challenges we have with wireless networks is that they are in the air around us, and anyone can tap into that air to listen in on our network communication. For that reason, we need to engineer our wireless networks to allow the appropriate users access to the network and prevent access from anyone unauthorized. This generally means we need to provide some type of authentication before someone can use the wireless network. This might be a username, a password, or some other factor of authentication.

But of course, if someone is listening in to the network, they'll be able to see all of the traffic going back and forth, even if they are not authenticated to the network. For that reason, we also need to enable encryption on everything that goes over the air. And with most wireless technologies, we also need some way to confirm that the information we've received has not been modified somehow along the way. Our wireless technologies include an additional piece of information known as a message integrity check, or MIC. This allows us to confirm that the information we've received really is the information that was sent.

If you've ever worked with a wireless protocol analyzer, you know you simply turn it on and you can immediately start gathering information going across the air. For that reason, we need to be sure that as much information as possible is encrypted over that very open airway. One way to do this on a traditional 802.11 wireless network is to use an encryption protocol such as WPA2 or WPA3.

If we go back to 2002, a big shift took place in the encryption of data on wireless networks. We transitioned from one of the original encryption types, which was WEP (that stands for Wired Equivalent Privacy), to a new style of encryption known as WPA. WPA stands for Wi-Fi Protected Access. We found significant cryptographic vulnerabilities with WEP, and that drove us towards this transition to WPA. But this first implementation of WPA was designed to be a stopgap. It was designed to prevent any of the cryptographic problems we had with WEP, but we knew we needed something longer term to be able to implement in the future.

One of the technologies associated with this WPA stopgap was that it encrypted using a technology known as TKIP. This TKIP encryption ran on the existing access point hardware, which means that we could still provide security over these wireless networks without having to replace any of our physical access points.

That transition period where we were using WPA for our encryption technology didn't last very long. In 2004, we introduced WPA2. That's Wi-Fi Protected Access version 2. This was the update to WPA, and the idea was that we'd be able to use WPA2 for an extended period of time. WPA2 used a stronger type of encryption known as AES. That's the Advanced Encryption Standard. This was a stronger encryption method than the TKIP we were using with WPA, but in many cases it required additional processing power, which means we needed to replace access points if we wanted to enable WPA2 encryption. This change happened relatively quickly, and most organizations were glad to swap out their access points if it meant that they would have better encryption over their wireless networks. WPA2 has continued to provide strong encryption for our wireless networks, and you'll still see many wireless networks running WPA2 as the encryption standard.

As time went on, we continued to improve these standards for our wireless networks, and WPA3 was introduced in 2018. This is Wi-Fi Protected Access version 3. There were a number of new features and capabilities introduced with WPA3. One of them was that the strength of the AES encryption used on the wireless network was increased to be more secure in WPA3. WPA3 also increased security for an initial key exchange that occurs when somebody first connects to the wireless network. WPA3 also included a new feature to provide encryption on open networks. So if you go to a coffee shop that has an open wireless network, WPA3 can automatically create encryption keys so that even though the network is open, everything going across the airwaves is still secure.

If you look at the configuration of the wireless settings on your access point, you may see a number of different configuration options. One of them is an open system. This is one that has no password set, and anyone can connect to that wireless network. This might be the configuration you would find in a coffee shop or a hotel wireless network.

If you're setting up an access point for personal use, especially at home, you're probably configuring it with WPA2 or WPA3 encryption. And for either of those, you're probably assigning a password or passphrase to help protect that network. If anybody visits you, you simply provide them with that password and they're able to connect to your wireless network. We refer to this password as a pre-shared key. That's a key that you would provide to anyone who needs to connect to this wireless network, and everybody on the wireless network is using the same key.

In a business, however, you don't want to have everyone using the same key to connect to the wireless network. Every individual should have their own logon to the wireless connection. If you were to look at your access point, there's probably a configuration to configure WPA2 or WPA3 in an enterprise mode. You might see this also listed as an 802.1X mode. This is an authentication mode that requires someone to log in with their username and password, and your access point uses a centralized authentication database to be able to confirm that this user is authenticating correctly to this wireless network. This means that every person in your organization has a different login to the wireless network. And if they leave the organization, we can simply disable their account and they no longer have access to the wireless network.
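
The access point modes described above (open, pre-shared key, enterprise 802.1X) can be checked mechanically. The following is an added example, not part of the original transcript: it assumes an access point configured with hostapd-style `key=value` settings, and the sample configurations are constructed for illustration.

```python
# Added example: classify hostapd-style AP settings into the modes described above.
# All sample configurations are constructed for illustration.

def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def classify(text):
    """Return (mode, findings) for one access point configuration."""
    conf = parse_conf(text)
    if any(key.startswith("wep_key") for key in conf):
        return "WEP", ["WEP has known cryptographic vulnerabilities"]
    wpa = int(conf.get("wpa", "0"))  # bit0 = original WPA, bit1 = RSN (WPA2/WPA3)
    if wpa == 0:
        return "open", ["no authentication, traffic readable by any listener"]
    akms = set(conf.get("wpa_key_mgmt", "WPA-PSK").split())  # hostapd default
    ciphers = set(conf.get("wpa_pairwise", "").split())
    ciphers |= set(conf.get("rsn_pairwise", "").split())
    findings = []
    if wpa & 1:
        findings.append("original WPA enabled (stopgap standard)")
    if "TKIP" in ciphers:  # only explicitly listed ciphers are checked
        findings.append("TKIP enabled, AES (CCMP) is stronger")
    if any(a.startswith("WPA-EAP") for a in akms):
        mode = "enterprise (802.1X)"
    elif "OWE" in akms:
        mode = "open with encryption (OWE)"
    elif "SAE" in akms:
        mode = "WPA3 personal"
    else:
        mode = "WPA2 personal" if wpa & 2 else "WPA personal"
    if mode.endswith("personal"):
        findings.append("pre-shared key: every user holds the same key")
    return mode, findings

SAMPLES = {  # constructed configurations
    "coffee_shop": "ssid=guest\n",
    "legacy": "ssid=old\nwpa=1\nwpa_key_mgmt=WPA-PSK\nwpa_pairwise=TKIP\n",
    "home": "ssid=home\nwpa=2\nwpa_key_mgmt=WPA-PSK\nrsn_pairwise=CCMP\n",
    "office": "ssid=corp\nwpa=2\nieee8021x=1\nwpa_key_mgmt=WPA-EAP\nrsn_pairwise=CCMP\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, classify(text))
```

Only the enterprise sample comes back with no findings; the home sample is encrypted with AES but still reports the shared key, which is the reason given above for using 802.1X in a business.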